
Re: Hardening a firewall box



On Sat, Jan 08, 2000 at 08:19:14PM -0500, Dirk Eddelbuettel wrote:
> -- do we have a basic "hardening howto" document ?

Depends on your OS; you might start at the Resource Page of the
www.freefire.org project.

> -- how do keep services like time, talk, ... accessible "inside" (ie on eth1
> on 192.168.1.*) but _not_ to the outside world on eth0 ?

The simple solution is to use IP-Filter to restrict incoming packets
depending on the interface; that's a good idea for spoof protection anyway.
Another option would be to bind those services to a special address. You can
do that with g2s or xinetd. However, you should be aware that this will
require some filters, too, to prevent external hosts from contacting the
internal interface's address (in case that is a routable address).

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
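
Added example, not part of the original message: a small audit of listening sockets against the point made in the reply, that a service bound to the internal address still needs a filter on the outside interface. The listing format, the addresses 192.168.1.1 and 198.51.100.9, and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample: "proto local_address:port service" lines in the style of
# a listening-socket listing. Layout and addresses are assumptions.
SAMPLE = """\
tcp 0.0.0.0:37 time
udp 192.168.1.1:517 talk
tcp 192.168.1.1:22 ssh
udp 198.51.100.9:37 time
"""

# Internal (eth1) network from the thread: 192.168.1.*
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")

def classify(bind_addr, internal_filtered_on_ext):
    """Describe how a listener bound to bind_addr is exposed to the outside.

    internal_filtered_on_ext: True if the packet filter drops packets that
    arrive on the external interface addressed to the internal network.
    """
    addr = ipaddress.ip_address(bind_addr)
    if addr.is_unspecified:
        return "exposed: wildcard bind listens on every interface"
    if addr not in INTERNAL_NET:
        return "exposed: bound to a non-internal address"
    if internal_filtered_on_ext:
        return "internal only: bound inside and filtered on the outside"
    return "needs filter: external hosts that can route to this address still reach it"

def audit(listing, internal_filtered_on_ext):
    """Return (service, proto, port, verdict) for every line of the listing."""
    findings = []
    for line in listing.splitlines():
        proto, local, service = line.split()
        host, port = local.rsplit(":", 1)
        verdict = classify(host, internal_filtered_on_ext)
        findings.append((service, proto, int(port), verdict))
    return findings

if __name__ == "__main__":
    for filtered in (False, True):
        print("filter on external interface:", filtered)
        for row in audit(SAMPLE, filtered):
            print("  ", *row)
```
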

